org.clazzes.util.http.sec
Class HttpCheckLoginHelper
java.lang.Object
org.clazzes.util.http.sec.HttpCheckLoginHelper
public abstract class HttpCheckLoginHelper
- extends Object
A static helper for serlvets, which perform access checks on behalf
of a HttpLoginService
.
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
LOGIN_URL_HEADER
public static final String LOGIN_URL_HEADER
- See Also:
- Constant Field Values
HttpCheckLoginHelper
public HttpCheckLoginHelper()
checkLogin
public static final Principal checkLogin(HttpLoginService service,
javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp)
throws IOException
- Call
HttpLoginService.checkLogin(HttpServletRequest)
and
write a HTTP unauthorized status (401) with the login URL contained in
the response header "X-HTTP-util-login-url"
, if no user is logged in.
- Parameters:
service
- The login service.req
- The servlet request.resp
- The servlet response.
- Returns:
- The logged in user. If
null
is returned,
a servlet response with status 401 has been written by this method
and the servlet has to return immediately.
- Throws:
IOException
- Upon errors writing a response.- See Also:
sendLoginRequired(HttpServletResponse, String)
sendLoginRequired
public static final void sendLoginRequired(javax.servlet.http.HttpServletResponse resp,
String loginUrl)
throws IOException
- Write a HTTP unauthorized status (401) with the login URL contained in
the response header
"X-HTTP-util-login-url"
as response
to the client.
- Parameters:
resp
- The servlet response.loginUrl
- A login URL as returned by HttpLoginService.getLoginUrl()
.
- Throws:
IOException
- Upon errors writing to the servlet response.
checkPermission
public static final boolean checkPermission(HttpLoginService service,
javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp)
throws IOException
- Call
HttpLoginService.checkPermission(HttpServletRequest, String)
on a context URL composed from the request URL without server and protocol.
If permission is denied a HTTP forbidden response (403) is written
to the response.
- Parameters:
service
- The login service.req
- The servlet request.resp
- The servlet response.
- Returns:
- Whether permission is granted. If
false
is returned,
a servlet response has written and the servlet has
to return immediately.
- Throws:
IOException
- Upon errors writing a response.
Copyright © 2012. All Rights Reserved.